Apple Device Management for Beginners

If you're diving into Apple device management for the first time, let this comprehensive guide explain the basics so you can help your organization or school get the most out of its technology initiative.

How to migrate to modern Mac management

Much has already been said about the Device Enrollment Program (DEP), Volume Purchase Program (VPP) and the demise of Mac imaging over the past few years. Cries of “imaging is dead!” and talks of user empowered set up circulates in IT crowds. However, many organizations today are struggling putting modern Mac management practices in place. In today’s Jamf Nation User Conference (JNUC) session, Brian Martin of Lafayette School Corporation shared his school district’s story of digging out of old management methods and migrating to modern ones.

Martin started off talking about Lafayette’s Mac fleet. In 2017, Lafayette had over 7,000 iOS devices and 500 Macs running on five different OS versions. None of these computers were running the current OS. Martin needed to figure out a way to effectively and seamlessly manage these devices and get them updated.

Roadblocks to change

Martin’s team has had to work through a few blocks as they settled on their current management method. First, they had a failed user migration in 2014. However, this “failure” soon became a blessing as there were zero new resource or material costs!

A few other roadblocks tried to take Martin down:

Adobe CS6 was used on half the Mac fleet

AELP licensing of Apple apps

Inertia/comfort zones

Fully transitioning from imaging

It was time for Lafayette to say goodbye to imaging. DEP enrollment without LDAP help doesn’t collect much, so they had their techs respond to five simple AppleScript prompts during a Mac setup:

Asset tag

Building

Department

Role (admin, staff, student)

Room number.

Martin was then able to utilize Smart Groups as more location data was able to be collected, enabling policies like classroom printers, managed docks for labs, and machines with specialty hardware and/or software.

Lafayette also leaned heavily on Self Service to give end users more control. In fact, close to 80 percent of Lafayette’s policies are Self Service, as 128 GB MacBooks can’t handle an “install everything” workflow. To keep empowering the user, Martin also set up profiles that contribute to the user experience such as mount servers/web links, set proxies and managed kernel extensions.

What’s ahead

With these best practices in mind, Lafayette was able to provision lab Macs properly in 4 days. They didn’t stop there — after rollout, they completed enhancements like refined provisioning scripts, allowing devices to install Mac App Store apps, converting DB to InnoDB, and collaborating on AD fields. But practicing modern management method takes constant work, and Martin and his team are always thinking of what they can do to improve. Martin told attendees his team will look at doing these enhancements going forward: